Changeset 102717 in vbox

Timestamp:

Dec 27, 2023 7:45:49 PM (11 months ago)

Author:

vboxsync

Message:

VBox/VMM: Outlined native TLB lookup code for IEM_MC_MEM_MAP_XXXX on x86 hosts. Untested+disabled. bugref:10371

Location:

trunk

Files:

: 5 edited

include/iprt/armv8.h (modified) (1 diff)
include/iprt/x86.h (modified) (1 diff)
src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp (modified) (4 diffs)
src/VBox/VMM/include/IEMN8veRecompiler.h (modified) (3 diffs)
src/VBox/VMM/include/IEMN8veRecompilerEmit.h (modified) (30 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/include/iprt/armv8.h

-              r102688
+              r102717
 /**
+ * A64: Encodes an EXTR instruction with an immediate.
+ *
+ * @returns The encoded instruction.
+ * @param   iRegResult  The register to store the result in. ZR is valid.
+ * @param   iRegLow     The register holding the least significant bits in the
+ *                      extraction. ZR is valid.
+ * @param   iRegHigh    The register holding the most significant bits in the
+ *                      extraction. ZR is valid.
+ * @param   uLsb        The bit number of the least significant bit, or where in
+ *                      @a iRegLow to start the
+ *                      extraction.
+ * @param   f64Bit      true for 64-bit GRPs (default), false for 32-bit GPRs.
+ */
+DECL_FORCE_INLINE(uint32_t) Armv8A64MkInstrExtrImm(uint32_t iRegResult, uint32_t iRegLow, uint32_t iRegHigh, uint32_t uLsb,
+                                                   bool f64Bit = true)
+{
+    Assert(uLsb < (uint32_t)(f64Bit ? 64 : 32)); Assert(iRegHigh < 32); Assert(iRegLow < 32); Assert(iRegResult < 32);
+    return ((uint32_t)f64Bit       << 31)
+         | UINT32_C(0x13800000)
+         | ((uint32_t)f64Bit       << 22) /*N*/
+         | (iRegHigh               << 16)
+         | (uLsb                   << 10)
+         | (iRegLow                <<  5)
+         | iRegResult;
+}
+/** A64: Rotates the value of a register (alias for EXTR). */
+DECL_FORCE_INLINE(uint32_t) Armv8A64MkInstrRorImm(uint32_t iRegResult, uint32_t iRegSrc, uint32_t cShift, bool f64Bit = true)
+{
+    return Armv8A64MkInstrExtrImm(iRegResult, iRegSrc, iRegSrc, cShift, f64Bit);
+}
+/**
  * A64: Encodes either add, adds, sub or subs with unsigned 12-bit immediate.
+ *

trunk/include/iprt/x86.h

-              r102646
+              r102717
 /** @name X86DESCATTR masks
+ * Fields X86DESCGENERIC::u4Type thru X86DESCGENERIC::u1Granularity (or
+ * bits[55:40] if you like).  The X86DESCATTR_UNUSABLE bit is an Intel addition.
  * @{ */
 #define X86DESCATTR_TYPE            UINT32_C(0x0000000f)
 #define X86DESCATTR_DT              UINT32_C(0x00000010)
+#define X86DESCATTR_DT              UINT32_C(0x00000010)    /**< Descriptor type: 0=system, 1=code/data */
 #define X86DESCATTR_DPL             UINT32_C(0x00000060)
 #define X86DESCATTR_DPL_SHIFT       5 /**< Shift count for the DPL value. */
+#define X86DESCATTR_DPL_SHIFT       5                       /**< Shift count for the DPL bitfield. */
 #define X86DESCATTR_P               UINT32_C(0x00000080)
 #define X86DESCATTR_LIMIT_HIGH      UINT32_C(0x00000f00)

trunk/src/VBox/VMM/VMMAll/IEMAllN8veRecompiler.cpp

-              r102701
+              r102717
     /* [kIemNativeGstReg_SegLimitFirst + 4] = */        { CPUMCTX_OFF_AND_SIZE(aSRegs[4].u32Limit), "fs_limit", },
     /* [kIemNativeGstReg_SegLimitFirst + 5] = */        { CPUMCTX_OFF_AND_SIZE(aSRegs[5].u32Limit), "gs_limit", },
+    /* [kIemNativeGstReg_SegAttribFirst + 0] = */       { CPUMCTX_OFF_AND_SIZE(aSRegs[0].Attr.u),   "es_attrib", },
+    /* [kIemNativeGstReg_SegAttribFirst + 1] = */       { CPUMCTX_OFF_AND_SIZE(aSRegs[1].Attr.u),   "cs_attrib", },
+    /* [kIemNativeGstReg_SegAttribFirst + 2] = */       { CPUMCTX_OFF_AND_SIZE(aSRegs[2].Attr.u),   "ss_attrib", },
+    /* [kIemNativeGstReg_SegAttribFirst + 3] = */       { CPUMCTX_OFF_AND_SIZE(aSRegs[3].Attr.u),   "ds_attrib", },
+    /* [kIemNativeGstReg_SegAttribFirst + 4] = */       { CPUMCTX_OFF_AND_SIZE(aSRegs[4].Attr.u),   "fs_attrib", },
+    /* [kIemNativeGstReg_SegAttribFirst + 5] = */       { CPUMCTX_OFF_AND_SIZE(aSRegs[5].Attr.u),   "gs_attrib", },
 #undef CPUMCTX_OFF_AND_SIZE
 };
 …
 DECL_HIDDEN_THROW(uint8_t)
 iemNativeRegAllocTmpForGuestReg(PIEMRECOMPILERSTATE pReNative, uint32_t *poff, IEMNATIVEGSTREG enmGstReg,
+                                IEMNATIVEGSTREGUSE enmIntendedUse, bool fNoVolatileRegs /*=false*/)
+                                IEMNATIVEGSTREGUSE enmIntendedUse /*= kIemNativeGstRegUse_ReadOnly*/,
+                                bool fNoVolatileRegs /*= false*/)
+{
     Assert(enmGstReg < kIemNativeGstReg_End && g_aGstShadowInfo[enmGstReg].cb != 0);
 …
         Log11(("iemNativeVarRegisterAcquire: idxVar=%u idxReg=%u (matching arg %u)\n", idxVar, idxReg, uArgNo));
+    }
     else if (   idxRegPref < RT_ELEMENTS(pReNative->Core.aHstRegs)
+    else if (   idxRegPref >= RT_ELEMENTS(pReNative->Core.aHstRegs)
              || (pReNative->Core.bmHstRegs & RT_BIT_32(idxRegPref)))
+    {
 …
      * First we try to go via the TLB.
      */
+//pReNative->pInstrBuf[off++] = 0xcc;
+    /** @todo later. */
+#if defined(RT_ARCH_AMD64) && 0 /* untested code sketch */
+    uint8_t const   idxRegPtr       = iemNativeVarRegisterAcquire(pReNative, idxVarGCPtrMem, &off,
+                                                                  true /*fInitialized*/, IEMNATIVE_CALL_ARG2_GREG);
+    uint8_t const   idxRegSegBase   = iSegReg == UINT8_MAX ? UINT8_MAX
+                                    : iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_BASE(iSegReg));
+    uint8_t const   idxRegSegLimit  = iSegReg == UINT8_MAX && (pReNative->fExec & IEM_F_MODE_CPUMODE_MASK) != IEMMODE_64BIT
+                                    ? UINT8_MAX
+                                    : iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_LIMIT(iSegReg));
+    uint8_t const   idxRegSegAttrib = iSegReg == UINT8_MAX && (pReNative->fExec & IEM_F_MODE_CPUMODE_MASK) != IEMMODE_64BIT
+                                    ? UINT8_MAX
+                                    : iemNativeRegAllocTmpForGuestReg(pReNative, &off, IEMNATIVEGSTREG_SEG_ATTRIB(iSegReg));
+    uint8_t const   idxReg1         = iemNativeRegAllocTmp(pReNative, &off);
+    uint8_t const   idxReg2         = iemNativeRegAllocTmp(pReNative, &off);
+    uint8_t * const pbCodeBuf       = iemNativeInstrBufEnsure(pReNative, off, 256);
+    pbCodeBuf[off++] = 0xcc;
+    /*
+     * 1. Segmentation.
+     *
+     * 1a. Check segment limit and attributes if non-flat 32-bit code.  This is complicated.
+     */
+    if (iSegReg != UINT8_MAX && (pReNative->fExec & IEM_F_MODE_CPUMODE_MASK) != IEMMODE_64BIT)
+    {
+        /* If we're accessing more than one byte, put the last address we'll be
+           accessing in idxReg2 (64-bit). */
+        if (cbMem > 1)
+        {
+            /* mov reg2, cbMem-1 */
+            off = iemNativeEmitLoadGpr32ImmEx(pbCodeBuf, off, idxReg2, cbMem - 1);
+            /* add reg2, regptr */
+            off = iemNativeEmitAddTwoGprsEx(pbCodeBuf, off, idxReg2, idxRegPtr);
+        }
+        /* Check that we've got a segment loaded and that it allows the access.
+           For write access this means a writable data segment.
+           For read-only accesses this means a readable code segment or any data segment. */
+        if (fAccess & IEM_ACCESS_TYPE_WRITE)
+        {
+            uint32_t const fMustBe1 = X86DESCATTR_P        | X86DESCATTR_DT    | X86_SEL_TYPE_WRITE;
+            uint32_t const fMustBe0 = X86DESCATTR_UNUSABLE | X86_SEL_TYPE_CODE;
+            /* mov reg1, must1|must0 */
+            off = iemNativeEmitLoadGpr32ImmEx(pbCodeBuf, off, idxReg1, fMustBe1 | fMustBe0);
+            /* and reg1, segattrs */
+            off = iemNativeEmitAndGpr32ByGpr32Ex(pbCodeBuf, off, idxReg1, idxRegSegAttrib);
+            /* cmp reg1, must1 */
+            off = iemNativeEmitCmpGpr32WithImmEx(pbCodeBuf, off, idxReg1, fMustBe1);
+            /* jne tlbmiss */
+            off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_ne);
+        }
+        else
+        {
+            /*  U  | !P |!DT |!CD | RW |
+|  8 |  4 |  3 |  1 |
+              -------------------------------
+  |  0 |  0 |  0 |  0 | execute-only code segment. - must be excluded
+  |  0 |  0 |  0 |  1 | execute-read code segment.
+  |  0 |  0 |  1 |  0 | read-only data segment.
+  |  0 |  0 |  1 |  1 | read-write data segment.   - last valid combination
+            */
+            /* mov reg1, relevant attributes  */
+            off = iemNativeEmitCmpGpr32WithImmEx(pbCodeBuf, off, idxReg1,
+                                                   X86DESCATTR_UNUSABLE | X86DESCATTR_P | X86DESCATTR_DT
+                                                 | X86_SEL_TYPE_CODE    | X86_SEL_TYPE_WRITE);
+            /* and reg1, segattrs */
+            off = iemNativeEmitAndGpr32ByGpr32Ex(pbCodeBuf, off, idxReg1, idxRegSegAttrib);
+            /* xor reg1, X86DESCATTR_P | X86DESCATTR_DT | X86_SEL_TYPE_CODE ; place C=1 RW=0 at the bottom & limit the range. */
+            off = iemNativeEmitXorGpr32ByImmEx(pbCodeBuf, off, idxReg1, X86DESCATTR_P | X86DESCATTR_DT | X86_SEL_TYPE_CODE);
+            /* sub reg1, X86_SEL_TYPE_WRITE ; ER-code=0, EO-code=0xffffffff, R0-data=7, RW-data=9 */
+            off = iemNativeEmitSubGpr32ImmEx(pbCodeBuf, off, idxReg1, X86_SEL_TYPE_WRITE);
+            /* cmp reg1, X86_SEL_TYPE_CODE | X86_SEL_TYPE_WRITE */
+            AssertCompile((X86_SEL_TYPE_CODE | X86_SEL_TYPE_WRITE) - 1 == 9);
+            off = iemNativeEmitCmpGpr32WithImmEx(pbCodeBuf, off, idxReg1, (X86_SEL_TYPE_CODE | X86_SEL_TYPE_WRITE) - 1);
+            /* ja  tlbmiss */
+            off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_nbe);
+        }
+        /*
+         * Check the limit.  If this is a write access, we know that it's a
+         * data segment and includes the expand_down bit.  For read-only accesses
+         * we need to check that code/data=0 and expanddown=1 before continuing.
+         */
+        uint32_t offFixupCheckExpandDown;
+        if (fAccess & IEM_ACCESS_TYPE_WRITE)
+        {
+            /* test segattrs, X86_SEL_TYPE_DOWN */
+            AssertCompile(X86_SEL_TYPE_DOWN < 128);
+            off = iemNativeEmitTestAnyBitsInGpr8Ex(pbCodeBuf, off, idxRegSegAttrib, X86_SEL_TYPE_DOWN);
+            /* jnz  check_expand_down */
+            offFixupCheckExpandDown = off;
+            off = iemNativeEmitJccToFixedEx(pbCodeBuf, off, off /*ASSUMES rel8 suffices*/, kIemNativeInstrCond_ne);
+        }
+        else
+        {
+            /* mov reg1, segattrs */
+            off = iemNativeEmitLoadGprFromGpr32Ex(pbCodeBuf, off, idxReg1, idxRegSegAttrib);
+            /* and reg1, code | down */
+            off = iemNativeEmitAndGpr32ByImmEx(pbCodeBuf, off, idxReg1, X86_SEL_TYPE_CODE | X86_SEL_TYPE_DOWN);
+            /* cmp reg1, down */
+            off = iemNativeEmitCmpGpr32WithImmEx(pbCodeBuf, off, idxReg1, X86_SEL_TYPE_DOWN);
+            /* je check_expand_down */
+            offFixupCheckExpandDown = off;
+            off = iemNativeEmitJccToFixedEx(pbCodeBuf, off, off /*ASSUMES rel8 suffices*/, kIemNativeInstrCond_e);
+        }
+        /* expand_up:
+           cmp  regptr/reg2, seglim */
+        off = iemNativeEmitCmpGprWithGprEx(pbCodeBuf, off, cbMem > 1 ? idxReg2 : idxRegPtr, idxRegSegLimit);
+        /* ja   tlbmiss */
+        off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_nbe);
+        /* jmp  limitdone */
+        uint32_t const offFixupLimitDone = off;
+        off = iemNativeEmitJmpToFixedEx(pbCodeBuf, off, off /*ASSUMES rel8 suffices*/);
+        /* check_expand_down: ; complicted! */
+        iemNativeFixupFixedJump(pReNative, offFixupCheckExpandDown, off);
+        /* cmp  regptr, seglim */
+        off = iemNativeEmitCmpGprWithGprEx(pbCodeBuf, off, idxRegPtr, idxRegSegLimit);
+        /* jbe  tlbmiss */
+        off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_be);
+        /* mov  reg1, X86DESCATTR_D (0x4000) */
+        off = iemNativeEmitCmpGpr32WithImmEx(pbCodeBuf, off, idxReg1, X86DESCATTR_D);
+        /* and  reg1, segattr */
+        off = iemNativeEmitAndGpr32ByGpr32Ex(pbCodeBuf, off, idxReg1, idxRegSegAttrib);
+        /* xor  reg1, X86DESCATTR_D */
+        off = iemNativeEmitXorGpr32ByImmEx(pbCodeBuf, off, idxReg1, X86DESCATTR_D);
+        /* shl  reg1, 2 (16 - 14) */
+        AssertCompile((X86DESCATTR_D << 2) == UINT32_C(0x10000));
+        off = iemNativeEmitShiftGpr32LeftEx(pbCodeBuf, off, idxReg1, 2);
+        /* dec  reg1 (=> 0xffff if D=0; 0xffffffff if D=1) */
+        off = iemNativeEmitSubGpr32ImmEx(pbCodeBuf, off, idxReg1, 1);
+        /* cmp  reg2, reg1 (64-bit) */
+        off = iemNativeEmitCmpGpr32WithGprEx(pbCodeBuf, off, idxReg2, idxReg1);
+        /* ja   tlbmiss */
+        off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_nbe);
+        /* limitdone: */
+        iemNativeFixupFixedJump(pReNative, offFixupLimitDone, off);
+    }
+    /* 1b. Add the segment base. We use idxRegMemResult for the ptr register if this step is required. */
+    uint8_t const idxRegFlatPtr = iSegReg != UINT8_MAX ? idxRegMemResult : idxRegPtr;
+    if (iSegReg != UINT8_MAX)
+    {
+        if ((pReNative->fExec & IEM_F_MODE_MASK) == IEM_F_MODE_X86_64BIT)
+        {
+            Assert(iSegReg >= X86_SREG_FS);
+            /* mov regflat, regptr */
+            off = iemNativeEmitLoadGprFromGprEx(pbCodeBuf, off, idxRegFlatPtr, idxRegPtr);
+            /* add regflat, seg.base */
+            off = iemNativeEmitAddTwoGprsEx(pbCodeBuf, off, idxRegFlatPtr, idxRegSegBase);
+        }
+        else
+        {
+            /* mov regflat, regptr */
+            off = iemNativeEmitLoadGprFromGpr32Ex(pbCodeBuf, off, idxRegFlatPtr, idxRegPtr);
+            /* add regflat, seg.base */
+            off = iemNativeEmitAddTwoGprs32Ex(pbCodeBuf, off, idxRegFlatPtr, idxRegSegBase);
+        }
+    }
+    /*
+     * 2. Check that the address doesn't cross a page boundrary and doesn't have alignment issues.
+     *
+     * 2a. Alignment check using fAlignMask.
+     */
+    Assert(RT_IS_POWER_OF_TWO(fAlignMask + 1));
+    Assert(fAlignMask < 128);
+    /* test regflat, fAlignMask */
+    off = iemNativeEmitTestAnyBitsInGpr8Ex(pbCodeBuf, off, idxRegFlatPtr, fAlignMask);
+    /* jnz tlbmiss */
+    off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_ne);
+    /*
+     * 2b. Check that it's not crossing page a boundrary. This is implicit in
+     *     the previous test if the alignment is same or larger than the type.
+     */
+    if (cbMem > fAlignMask + 1)
+    {
+        /* mov reg1, 0xfff */
+        off = iemNativeEmitLoadGpr32ImmEx(pbCodeBuf, off, idxReg1, GUEST_PAGE_OFFSET_MASK);
+        /* and reg1, regflat */
+        off = iemNativeEmitAndGpr32ByGpr32Ex(pbCodeBuf, off, idxReg1, idxRegFlatPtr);
+        /* neg reg1 */
+        off = iemNativeEmitNegGpr32Ex(pbCodeBuf, off, idxReg1);
+        /* add reg1, 0x1000 */
+        off = iemNativeEmitAddGpr32ImmEx(pbCodeBuf, off, idxReg1, GUEST_PAGE_SIZE);
+        /* cmp reg1, cbMem */
+        off = iemNativeEmitCmpGpr32WithImmEx(pbCodeBuf, off, idxReg1, GUEST_PAGE_SIZE);
+        /* ja  tlbmiss */
+        off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_nbe);
+    }
+    /*
+     * 3. TLB lookup.
+     *
+     * 3a. Calculate the TLB tag value (IEMTLB_CALC_TAG).
+     *     In 64-bit mode we will also check for non-canonical addresses here.
+     */
+    if ((pReNative->fExec & IEM_F_MODE_MASK) == IEM_F_MODE_X86_64BIT)
+    {
+        /* mov reg1, regflat */
+        off = iemNativeEmitLoadGprFromGprEx(pbCodeBuf, off, idxReg1, idxRegFlatPtr);
+        /* rol reg1, 16 */
+        off = iemNativeEmitRotateGprLeftEx(pbCodeBuf, off, idxReg1, 16);
+        /** @todo Would 'movsx reg2, word reg1' and working on reg2 in dwords be faster? */
+        /* inc word reg1 */
+        pbCodeBuf[off++] = X86_OP_PRF_SIZE_OP;
+        if (idxReg1 >= 8)
+            pbCodeBuf[off++] = X86_OP_REX_B;
+        pbCodeBuf[off++] = 0xff;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, idxReg1 & 7);
+        /* cmp word reg1, 1 */
+        pbCodeBuf[off++] = X86_OP_PRF_SIZE_OP;
+        if (idxReg1 >= 8)
+            pbCodeBuf[off++] = X86_OP_REX_B;
+        pbCodeBuf[off++] = 0x83;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 7, idxReg1 & 7);
+        pbCodeBuf[off++] = 1;
+        /* ja  tlbmiss */
+        off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_nbe);
+        /* shr reg1, 16 + GUEST_PAGE_SHIFT */
+        off = iemNativeEmitShiftGprRightEx(pbCodeBuf, off, idxReg1, 16 + GUEST_PAGE_SHIFT);
+    }
+    else
+    {
+        /* mov reg1, regflat */
+        off = iemNativeEmitLoadGprFromGpr32Ex(pbCodeBuf, off, idxReg1, idxRegFlatPtr);
+        /* shr reg1, GUEST_PAGE_SHIFT */
+        off = iemNativeEmitShiftGpr32RightEx(pbCodeBuf, off, idxReg1, GUEST_PAGE_SHIFT);
+    }
+    /* or  reg1, [qword pVCpu->iem.s.DataTlb.uTlbRevision] */
+    pbCodeBuf[off++] = idxReg1 < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R;
+    pbCodeBuf[off++] = 0x0b; /* OR r64,r/m64 */
+    off = iemNativeEmitGprByVCpuDisp(pbCodeBuf, off, idxReg1, RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.uTlbRevision));
+    /*
+     * 3b. Calc pTlbe.
+     */
+    /* movzx reg2, byte reg1 */
+    off = iemNativeEmitLoadGprFromGpr8Ex(pbCodeBuf, off, idxReg2, idxReg1);
+    /* shl   reg2, 5 ; reg2 *= sizeof(IEMTLBENTRY) */
+    AssertCompileSize(IEMTLBENTRY, 32);
+    off = iemNativeEmitShiftGprLeftEx(pbCodeBuf, off, idxReg2, 5);
+    /* lea   reg2, [pVCpu->iem.s.DataTlb.aEntries + reg2] */
+    AssertCompile(IEMNATIVE_REG_FIXED_PVMCPU < 8);
+    pbCodeBuf[off++] = idxReg2 < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_X | X86_OP_REX_R;
+    pbCodeBuf[off++] = 0x8d;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_MEM4, idxReg2 & 7, 4 /*SIB*/);
+    pbCodeBuf[off++] = X86_SIB_MAKE(IEMNATIVE_REG_FIXED_PVMCPU & 7, idxReg2 & 7, 0);
+    pbCodeBuf[off++] = RT_BYTE1(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
+    pbCodeBuf[off++] = RT_BYTE2(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
+    pbCodeBuf[off++] = RT_BYTE3(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
+    pbCodeBuf[off++] = RT_BYTE4(RT_UOFFSETOF(VMCPUCC,  iem.s.DataTlb.aEntries));
+    /*
+     * 3c. Compare the TLBE.uTag with the one from 2a (reg1).
+     */
+    /* cmp reg1, [reg2] */
+    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg1 < 8 ? 0 : X86_OP_REX_R) | (idxReg2 < 8 ? 0 : X86_OP_REX_B);
+    pbCodeBuf[off++] = 0x3b;
+    off = iemNativeEmitGprByGprDisp(pbCodeBuf, off, idxReg1, idxReg2, RT_UOFFSETOF(IEMTLBENTRY, uTag));
+    /* jne tlbmiss */
+    off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_ne);
+    /*
+     * 4. Check TLB page table level access flags and physical page revision #.
+     */
+    /* mov reg1, mask */
+    AssertCompile(IEMTLBE_F_PT_NO_USER == 4);
+    uint64_t const fNoUser = (((pReNative->fExec >> IEM_F_X86_CPL_SHIFT) & IEM_F_X86_CPL_SMASK) + 1) & IEMTLBE_F_PT_NO_USER;
+    off = iemNativeEmitLoadGprImmEx(pbCodeBuf, off, idxReg1,
+                                      IEMTLBE_F_PHYS_REV       | IEMTLBE_F_NO_MAPPINGR3
+                                    | IEMTLBE_F_PG_UNASSIGNED  | IEMTLBE_F_PG_NO_READ
+                                    | IEMTLBE_F_PT_NO_ACCESSED | fNoUser);
+    /* and reg1, [reg2->fFlagsAndPhysRev] */
+    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg1 < 8 ? 0 : X86_OP_REX_R) | (idxReg2 < 8 ? 0 : X86_OP_REX_B);
+    pbCodeBuf[off++] = 0x23;
+    off = iemNativeEmitGprByGprDisp(pbCodeBuf, off, idxReg1, idxReg2, RT_UOFFSETOF(IEMTLBENTRY, fFlagsAndPhysRev));
+    /* cmp reg1, [pVCpu->iem.s.DataTlb.uTlbPhysRev] */
+    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg1 < 8 ? 0 : X86_OP_REX_R);
+    pbCodeBuf[off++] = 0x3b;
+    off = iemNativeEmitGprByGprDisp(pbCodeBuf, off, idxReg1, IEMNATIVE_REG_FIXED_PVMCPU,
+                                    RT_UOFFSETOF(VMCPUCC, iem.s.DataTlb.uTlbPhysRev));
+    /* jne tlbmiss */
+    off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbMiss, kIemNativeInstrCond_ne);
+    /*
+     * 5. Check that pbMappingR3 isn't NULL (paranoia) and calculate the
+     *    resulting pointer.
+     */
+    /* mov  reg1, [reg2->pbMappingR3] */
+    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg1 < 8 ? 0 : X86_OP_REX_R) | (idxReg2 < 8 ? 0 : X86_OP_REX_B);
+    pbCodeBuf[off++] = 0x8b;
+    off = iemNativeEmitGprByGprDisp(pbCodeBuf, off, idxRegMemResult, idxReg2, RT_UOFFSETOF(IEMTLBENTRY, pbMappingR3));
+    /** @todo eliminate the need for this test? */
+    /* test reg1, reg1 */
+    pbCodeBuf[off++] = X86_OP_REX_W | (idxReg1 < 8 ? 0 : X86_OP_REX_R | X86_OP_REX_B);
+    pbCodeBuf[off++] = 0x85;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, idxReg1 & 7, idxReg1 & 7);
+    /* jz   tlbmiss */
+    off = iemNativeEmitJccToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbDone, kIemNativeInstrCond_e);
+    if (idxRegFlatPtr == idxRegMemResult) /* See step 1b. */
+    {
+        /* and result, 0xfff */
+        off = iemNativeEmitAndGpr32ByImmEx(pbCodeBuf, off, idxRegMemResult, GUEST_PAGE_OFFSET_MASK);
+    }
+    else
+    {
+        Assert(idxRegFlatPtr == idxRegPtr);
+        /* mov result, 0xfff */
+        off = iemNativeEmitLoadGpr32ImmEx(pbCodeBuf, off, idxRegMemResult, GUEST_PAGE_OFFSET_MASK);
+        /* and result, regflat */
+        off = iemNativeEmitAndGpr32ByGpr32Ex(pbCodeBuf, off, idxRegMemResult, idxRegFlatPtr);
+    }
+    /* add result, reg1 */
+    off = iemNativeEmitAddTwoGprsEx(pbCodeBuf, off, idxRegMemResult, idxReg1);
+    /* jmp tlbdone */
+    off = iemNativeEmitJmpToLabelEx(pReNative, pbCodeBuf, off, idxLabelTlbDone);
+    iemNativeVarRegisterRelease(pReNative, idxRegPtr);
+    iemNativeRegFree(pReNative, idxRegSegBase);
+    iemNativeRegFree(pReNative, idxRegSegLimit);
+    iemNativeRegFree(pReNative, idxRegSegAttrib);
+    iemNativeRegFree(pReNative, idxReg2);
+    iemNativeRegFree(pReNative, idxReg1);
+#else
+    /** @todo arm64 TLB code   */
     RT_NOREF(fAccess, fAlignMask, cbMem);
+#endif
     /*

trunk/src/VBox/VMM/include/IEMN8veRecompiler.h

-              r102699
+              r102717
     kIemNativeGstReg_SegLimitFirst,
     kIemNativeGstReg_SegLimitLast  = kIemNativeGstReg_SegLimitFirst + 5,
+    kIemNativeGstReg_SegAttribFirst,
+    kIemNativeGstReg_SegAttribLast = kIemNativeGstReg_SegAttribFirst + 5,
     kIemNativeGstReg_End
 } IEMNATIVEGSTREG;
 …
 /** @name Helpers for converting register numbers to IEMNATIVEGSTREG values.
  * @{  */
+#define IEMNATIVEGSTREG_GPR(a_iGpr)             ((IEMNATIVEGSTREG)(kIemNativeGstReg_GprFirst      + (a_iGpr)    ))
+#define IEMNATIVEGSTREG_SEG_SEL(a_iSegReg)      ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegSelFirst   + (a_iSegReg) ))
+#define IEMNATIVEGSTREG_SEG_BASE(a_iSegReg)     ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegBaseFirst  + (a_iSegReg) ))
+#define IEMNATIVEGSTREG_SEG_LIMIT(a_iSegReg)    ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegLimitFirst + (a_iSegReg) ))
+#define IEMNATIVEGSTREG_GPR(a_iGpr)             ((IEMNATIVEGSTREG)(kIemNativeGstReg_GprFirst       + (a_iGpr)    ))
+#define IEMNATIVEGSTREG_SEG_SEL(a_iSegReg)      ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegSelFirst    + (a_iSegReg) ))
+#define IEMNATIVEGSTREG_SEG_BASE(a_iSegReg)     ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegBaseFirst   + (a_iSegReg) ))
+#define IEMNATIVEGSTREG_SEG_LIMIT(a_iSegReg)    ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegLimitFirst  + (a_iSegReg) ))
+#define IEMNATIVEGSTREG_SEG_ATTRIB(a_iSegReg)   ((IEMNATIVEGSTREG)(kIemNativeGstReg_SegAttribFirst + (a_iSegReg) ))
 /** @} */
 …
                                                     bool fPreferVolatile = true);
 DECL_HIDDEN_THROW(uint8_t)  iemNativeRegAllocTmpForGuestReg(PIEMRECOMPILERSTATE pReNative, uint32_t *poff,
+                                                            IEMNATIVEGSTREG enmGstReg, IEMNATIVEGSTREGUSE enmIntendedUse,
+                                                            IEMNATIVEGSTREG enmGstReg,
+                                                            IEMNATIVEGSTREGUSE enmIntendedUse = kIemNativeGstRegUse_ReadOnly,
                                                             bool fNoVoltileRegs = false);
 DECL_HIDDEN_THROW(uint8_t)  iemNativeRegAllocTmpForGuestRegIfAlreadyPresent(PIEMRECOMPILERSTATE pReNative, uint32_t *poff,

trunk/src/VBox/VMM/include/IEMN8veRecompilerEmit.h

-              r102700
+              r102717
  * Emits a gprdst = gprsrc load.
  */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitLoadGprFromGprEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
+#ifdef RT_ARCH_AMD64
+    /* mov gprdst, gprsrc */
+    if ((iGprDst | iGprSrc) >= 8)
+        pCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_W | X86_OP_REX_B
+                        : iGprSrc >= 8 ? X86_OP_REX_W | X86_OP_REX_R | X86_OP_REX_B
+                        :                X86_OP_REX_W | X86_OP_REX_R;
+    else
+        pCodeBuf[off++] = X86_OP_REX_W;
+    pCodeBuf[off++] = 0x8b;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* mov dst, src;   alias for: orr dst, xzr, src */
+    p32CodeBuf[off++] = Armv8A64MkInstrOrr(iGprDst, ARMV8_A64_REG_XZR, iGprSrc);
+#else
+# error "port me"
+#endif
+    return off;
+}
+/**
+ * Emits a gprdst = gprsrc load.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitLoadGprFromGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
 #ifdef RT_ARCH_AMD64
+    /* mov gprdst, gprsrc */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    if ((iGprDst | iGprSrc) >= 8)
+        pbCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_W | X86_OP_REX_B
+                         : iGprSrc >= 8 ? X86_OP_REX_W | X86_OP_REX_R | X86_OP_REX_B
+                         :                X86_OP_REX_W | X86_OP_REX_R;
+    else
+        pbCodeBuf[off++] = X86_OP_REX_W;
+    pbCodeBuf[off++] = 0x8b;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* mov dst, src;   alias for: orr dst, xzr, src */
+    uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrOrr(iGprDst, ARMV8_A64_REG_XZR, iGprSrc);
+    off = iemNativeEmitLoadGprFromGprEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprSrc);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitLoadGprFromGprEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSrc);
 #else
 # error "port me"
 …
  * @note Bits 63 thru 32 are cleared.
  */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitLoadGprFromGpr32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
+#ifdef RT_ARCH_AMD64
+    /* mov gprdst, gprsrc */
+    if ((iGprDst | iGprSrc) >= 8)
+        pCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_B
+                        : iGprSrc >= 8 ? X86_OP_REX_R | X86_OP_REX_B
+                        :                X86_OP_REX_R;
+    pCodeBuf[off++] = 0x8b;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* mov dst32, src32;   alias for: orr dst32, wzr, src32 */
+    pCodeBuf[off++] = Armv8A64MkInstrOrr(iGprDst, ARMV8_A64_REG_WZR, iGprSrc, false /*f64bit*/);
+#else
+# error "port me"
+#endif
+    return off;
+}
+/**
+ * Emits a gprdst = gprsrc[31:0] load.
+ * @note Bits 63 thru 32 are cleared.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitLoadGprFromGpr32(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
 #ifdef RT_ARCH_AMD64
+    /* mov gprdst, gprsrc */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    if ((iGprDst | iGprSrc) >= 8)
+        pbCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_B
+                         : iGprSrc >= 8 ? X86_OP_REX_R | X86_OP_REX_B
+                         :                X86_OP_REX_R;
+    pbCodeBuf[off++] = 0x8b;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* mov dst32, src32;   alias for: orr dst32, wzr, src32 */
+    uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrOrr(iGprDst, ARMV8_A64_REG_WZR, iGprSrc, false /*f64bit*/);
+    off = iemNativeEmitLoadGprFromGpr32Ex(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprSrc);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitLoadGprFromGpr32Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSrc);
 #else
 # error "port me"
 …
  * @note Bits 63 thru 8 are cleared.
  */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitLoadGprFromGpr8Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
+#ifdef RT_ARCH_AMD64
+    /* movzx Gv,Eb */
+    if (iGprDst >= 8 || iGprSrc >= 8)
+        pCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_B
+                        : iGprSrc >= 8 ? X86_OP_REX_R | X86_OP_REX_B
+                        :                X86_OP_REX_R;
+    else if (iGprSrc >= 4)
+        pCodeBuf[off++] = X86_OP_REX;
+    pCodeBuf[off++] = 0x0f;
+    pCodeBuf[off++] = 0xb6;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* and gprdst, gprsrc, #0xff */
+    Assert(Armv8A64ConvertImmRImmS2Mask32(0x07, 0) == UINT8_MAX);
+    pCodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x07, 0, false /*f64Bit*/);
+#else
+# error "port me"
+#endif
+    return off;
+}
+/**
+ * Emits a gprdst = gprsrc[7:0] load.
+ * @note Bits 63 thru 8 are cleared.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitLoadGprFromGpr8(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc)
+{
 #ifdef RT_ARCH_AMD64
+    /* movzx Gv,Eb */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
+    if (iGprDst >= 8 || iGprSrc >= 8)
+        pbCodeBuf[off++] = iGprDst < 8  ? X86_OP_REX_B
+                         : iGprSrc >= 8 ? X86_OP_REX_R | X86_OP_REX_B
+                         :                X86_OP_REX_R;
+    else if (iGprSrc >= 4)
+        pbCodeBuf[off++] = X86_OP_REX;
+    pbCodeBuf[off++] = 0x0f;
+    pbCodeBuf[off++] = 0xb6;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* and gprdst, gprsrc, #0xff */
+    uint32_t * const pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+# if 1
+    Assert(Armv8A64ConvertImmRImmS2Mask32(0x07, 0) == UINT8_MAX);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x07, 0, false /*f64Bit*/);
+# else
+    Assert(Armv8A64ConvertImmRImmS2Mask64(0x47, 0) == UINT8_MAX);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprSrc, 0x47, 0);
+# endif
+    off = iemNativeEmitLoadGprFromGpr8Ex(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, iGprSrc);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitLoadGprFromGpr8Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSrc);
 #else
 # error "port me"
 …
+/**
+ * Emits subtracting a 32-bit GPR from another, storing the result in the first.
+ * @note The AMD64 version sets flags.
+ */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitSubTwoGprs32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSubtrahend)
+{
+#if defined(RT_ARCH_AMD64)
+    /* sub Gv,Ev */
+    if (iGprDst >= 8 || iGprSubtrahend >= 8)
+        pCodeBuf[off++] = (iGprDst        < 8 ? 0 : X86_OP_REX_R)
+                        | (iGprSubtrahend < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0x2b;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSubtrahend & 7);
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrSubReg(iGprDst, iGprDst, iGprSubtrahend, false /*f64Bit*/);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits subtracting a 32-bit GPR from another, storing the result in the first.
+ * @note The AMD64 version sets flags.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitSubTwoGprs32(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSubtrahend)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitSubTwoGprs32Ex(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprSubtrahend);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitSubTwoGprs32Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSubtrahend);
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
 #ifdef RT_ARCH_AMD64
 /**
 …
+#ifdef RT_ARCH_AMD64
+/**
+ * Emits a 32-bit GPR subtract with a signed immediate subtrahend.
+ *
+ * This will optimize using DEC/INC/whatever, so try avoid flag dependencies.
+ */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitSubGpr32ImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, int32_t iSubtrahend)
+{
+    if (iGprDst >= 8)
+        pCodeBuf[off++] = X86_OP_REX_B;
+    if (iSubtrahend == 1)
+    {
+        /* dec r/m32 */
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 1, iGprDst & 7);
+    }
+    else if (iSubtrahend == -1)
+    {
+        /* inc r/m32 */
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    }
+    else if (iSubtrahend < 128 && iSubtrahend >= -128)
+    {
+        /* sub r/m32, imm8 */
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = (uint8_t)iSubtrahend;
+    }
+    else
+    {
+        /* sub r/m32, imm32 */
+        pCodeBuf[off++] = 0x81;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = RT_BYTE1(iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE2(iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE3(iSubtrahend);
+        pCodeBuf[off++] = RT_BYTE4(iSubtrahend);
+    }
+    return off;
+}
+#endif
 /**
  * Emits adding a 64-bit GPR to another, storing the result in the first.
  * @note The AMD64 version sets flags.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitAddTwoGprs(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprAddend)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitAddTwoGprsEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprAddend)
+{
 #if defined(RT_ARCH_AMD64)
     /* add Gv,Ev */
+    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    pbCodeBuf[off++] = (iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R)
+                     | (iGprAddend < 8 ? 0 : X86_OP_REX_B);
+    pbCodeBuf[off++] = 0x03;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprAddend & 7);
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrAddSubReg(false /*fSub*/, iGprDst, iGprDst, iGprAddend);
+    pCodeBuf[off++] = (iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_R)
+                    | (iGprAddend < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0x03;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprAddend & 7);
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrAddSubReg(false /*fSub*/, iGprDst, iGprDst, iGprAddend);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits adding a 64-bit GPR to another, storing the result in the first.
+ * @note The AMD64 version sets flags.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAddTwoGprs(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprAddend)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAddTwoGprsEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprAddend);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitAddTwoGprsEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprAddend);
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+/**
+ * Emits adding a 64-bit GPR to another, storing the result in the first.
+ * @note The AMD64 version sets flags.
+ */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitAddTwoGprs32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprAddend)
+{
+#if defined(RT_ARCH_AMD64)
+    /* add Gv,Ev */
+    if (iGprDst >= 8 || iGprAddend >= 8)
+        pCodeBuf[off++] = (iGprDst    >= 8 ? X86_OP_REX_R : 0)
+                        | (iGprAddend >= 8 ? X86_OP_REX_B : 0);
+    pCodeBuf[off++] = 0x03;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprAddend & 7);
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrAddSubReg(false /*fSub*/, iGprDst, iGprDst, iGprAddend, false /*f64Bit*/);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits adding a 64-bit GPR to another, storing the result in the first.
+ * @note The AMD64 version sets flags.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAddTwoGprs32(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprAddend)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAddTwoGprs32Ex(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprAddend);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitAddTwoGprs32Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprAddend);
 #else
 # error "Port me"
 …
  * @note Bits 32 thru 63 in the GPR will be zero after the operation.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitAddGpr32Imm8(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int8_t iImm8)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitAddGpr32Imm8Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, int8_t iImm8)
+{
 #if defined(RT_ARCH_AMD64)
     /* add or inc */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
     if (iGprDst >= 8)
         pbCodeBuf[off++] = X86_OP_REX_B;
+        pCodeBuf[off++] = X86_OP_REX_B;
     if (iImm8 != 1)
+    {
+        pbCodeBuf[off++] = 0x83;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+        pbCodeBuf[off++] = (uint8_t)iImm8;
+    }
+    else
+    {
+        pbCodeBuf[off++] = 0xff;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+        pCodeBuf[off++] = (uint8_t)iImm8;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
     if (iImm8 >= 0)
+        pu32CodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(false /*fSub*/, iGprDst, iGprDst, (uint8_t)iImm8, false /*f64Bit*/);
+    else
+        pu32CodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(true /*fSub*/, iGprDst, iGprDst, (uint8_t)-iImm8, false /*f64Bit*/);
+        pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(false /*fSub*/, iGprDst, iGprDst, (uint8_t)iImm8, false /*f64Bit*/);
+    else
+        pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(true /*fSub*/, iGprDst, iGprDst, (uint8_t)-iImm8, false /*f64Bit*/);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits a 32-bit GPR additions with a 8-bit signed immediate.
+ * @note Bits 32 thru 63 in the GPR will be zero after the operation.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAddGpr32Imm8(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int8_t iImm8)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAddGpr32Imm8Ex(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, iImm8);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitAddGpr32Imm8Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iImm8);
 #else
 # error "Port me"
 …
  * Emits a 32-bit GPR additions with a 32-bit signed immediate.
  * @note Bits 32 thru 63 in the GPR will be zero after the operation.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAddGpr32Imm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int32_t iAddend)
+ * @note For ARM64 the iAddend value must be in the range 0x000..0xfff,
+ *       or that range shifted 12 bits to the left (e.g. 0x1000..0xfff000 with
+ *       the lower 12 bits always zero).  The negative ranges are also allowed,
+ *       making it behave like a subtraction.  If the constant does not conform,
+ *       bad stuff will happen.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitAddGpr32ImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, int32_t iAddend)
+{
 #if defined(RT_ARCH_AMD64)
     if (iAddend <= INT8_MAX && iAddend >= INT8_MIN)
         return iemNativeEmitAddGpr32Imm8(pReNative, off, iGprDst, (int8_t)iAddend);
+        return iemNativeEmitAddGpr32Imm8Ex(pCodeBuf, off, iGprDst, (int8_t)iAddend);
     /* add grp, imm32 */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 7);
     if (iGprDst >= 8)
+        pbCodeBuf[off++] = X86_OP_REX_B;
+    pbCodeBuf[off++] = 0x81;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    pbCodeBuf[off++] = RT_BYTE1((uint32_t)iAddend);
+    pbCodeBuf[off++] = RT_BYTE2((uint32_t)iAddend);
+    pbCodeBuf[off++] = RT_BYTE3((uint32_t)iAddend);
+    pbCodeBuf[off++] = RT_BYTE4((uint32_t)iAddend);
+        pCodeBuf[off++] = X86_OP_REX_B;
+    pCodeBuf[off++] = 0x81;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    pCodeBuf[off++] = RT_BYTE1((uint32_t)iAddend);
+    pCodeBuf[off++] = RT_BYTE2((uint32_t)iAddend);
+    pCodeBuf[off++] = RT_BYTE3((uint32_t)iAddend);
+    pCodeBuf[off++] = RT_BYTE4((uint32_t)iAddend);
+#elif defined(RT_ARCH_ARM64)
+    uint32_t const uAbsAddend = (uint32_t)RT_ABS(iAddened);
+    if (uAbsAddend <= 0xfff)
+    {
+        if (iAddend >= 0)
+            pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(false /*fSub*/, iGprDst, iGprDst, uAbsAddend, false /*f64Bit*/);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(true /*fSub*/,  iGprDst, iGprDst, uAbsAddend, false /*f64Bit*/);
+    }
+    else if (uAbsAddend <= 0xfff000 && !(uAbsAddend & 0xfff))
+    {
+        if (iAddend >= 0)
+            pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(false /*fSub*/, iGprDst, iGprDst, uAbsAddend >> 12,
+                                                          false /*f64Bit*/, true /*fShift12*/);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(true /*fSub*/,  iGprDst, iGprDst, uAbsAddend >> 12,
+                                                          false /*f64Bit*/, true /*fShift12*/);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits a 32-bit GPR additions with a 32-bit signed immediate.
+ * @note Bits 32 thru 63 in the GPR will be zero after the operation.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAddGpr32Imm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, int32_t iAddend)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAddGpr32ImmEx(iemNativeInstrBufEnsure(pReNative, off, 7), off, iGprDst, iAddend);
 #elif defined(RT_ARCH_ARM64)
 …
 /**
  * Emits code for clearing bits 16 thru 63 in the GPR.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitNegGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst)
+ * Emits code for two complement negation of a 64-bit GPR.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitNegGprEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst)
+{
 #if defined(RT_ARCH_AMD64)
     /* neg Ev */
+    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    pbCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
+    pbCodeBuf[off++] = 0xf7;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 3, iGprDst & 7);
+    pCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
+    pCodeBuf[off++] = 0xf7;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 3, iGprDst & 7);
 #elif defined(RT_ARCH_ARM64)
     /* sub dst, xzr, dst */
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrNeg(iGprDst);
+    pCodeBuf[off++] = Armv8A64MkInstrNeg(iGprDst);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits code for two complement negation of a 64-bit GPR.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitNegGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitNegGprEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitNegGprEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst);
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+/**
+ * Emits code for two complement negation of a 32-bit GPR.
+ * @note bit 32 thru 63 are set to zero.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitNegGpr32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst)
+{
+#if defined(RT_ARCH_AMD64)
+    /* neg Ev */
+    if (iGprDst >= 8)
+        pCodeBuf[off++] = X86_OP_REX_B;
+    pCodeBuf[off++] = 0xf7;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 3, iGprDst & 7);
+#elif defined(RT_ARCH_ARM64)
+    /* sub dst, xzr, dst */
+    pCodeBuf[off++] = Armv8A64MkInstrNeg(iGprDst, false /*f64Bit*/);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits code for two complement negation of a 32-bit GPR.
+ * @note bit 32 thru 63 are set to zero.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitNegGpr32(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitNegGpr32Ex(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitNegGpr32Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst);
 #else
 # error "Port me"
 …
  * Emits code for AND'ing two 32-bit GPRs.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitAndGpr32ByGpr32(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, bool fSetFlags = false)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitAndGpr32ByGpr32Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, bool fSetFlags = false)
+{
 #if defined(RT_ARCH_AMD64)
     /* and Gv, Ev */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
     if (iGprDst >= 8 || iGprSrc >= 8)
         pbCodeBuf[off++] = (iGprDst < 8 ? 0 : X86_OP_REX_R) | (iGprSrc < 8 ? 0 : X86_OP_REX_B);
     pbCodeBuf[off++] = 0x23;
     pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
+        pCodeBuf[off++] = (iGprDst < 8 ? 0 : X86_OP_REX_R) | (iGprSrc < 8 ? 0 : X86_OP_REX_B);
+    pCodeBuf[off++] = 0x23;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprDst & 7, iGprSrc & 7);
     RT_NOREF(fSetFlags);
 #elif defined(RT_ARCH_ARM64)
-    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
     if (!fSetFlags)
+        pu32CodeBuf[off++] = Armv8A64MkInstrAnd(iGprDst, iGprDst, iGprSrc, false /*f64Bit*/);
+    else
+        pu32CodeBuf[off++] = Armv8A64MkInstrAnds(iGprDst, iGprDst, iGprSrc, false /*f64Bit*/);
+        pCodeBuf[off++] = Armv8A64MkInstrAnd(iGprDst, iGprDst, iGprSrc, false /*f64Bit*/);
+    else
+        pCodeBuf[off++] = Armv8A64MkInstrAnds(iGprDst, iGprDst, iGprSrc, false /*f64Bit*/);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits code for AND'ing two 32-bit GPRs.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAndGpr32ByGpr32(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t iGprSrc, bool fSetFlags = false)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAndGpr32ByGpr32Ex(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprDst, iGprSrc, fSetFlags);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitAndGpr32ByGpr32Ex(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, iGprSrc, fSetFlags);
 #else
 # error "Port me"
 …
 /**
  * Emits code for AND'ing an 32-bit GPRs with a constant.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAndGpr32ByImm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint32_t uImm, bool fSetFlags = false)
+ * @note Bits 32 thru 63 in the destination will be zero after the operation.
+ * @note For ARM64 this only supports @a uImm values that can be expressed using
+ *       the two 6-bit immediates of the AND/ANDS instructions.  The caller must
+ *       make sure this is possible!
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitAndGpr32ByImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint32_t uImm, bool fSetFlags = false)
+{
 #if defined(RT_ARCH_AMD64)
     /* and Ev, imm */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 7);
     if (iGprDst >= 8)
         pbCodeBuf[off++] = X86_OP_REX_B;
+        pCodeBuf[off++] = X86_OP_REX_B;
     if ((int32_t)uImm == (int8_t)uImm)
+    {
         pbCodeBuf[off++] = 0x83;
         pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
         pbCodeBuf[off++] = (uint8_t)uImm;
+    }
     else
+    {
         pbCodeBuf[off++] = 0x81;
         pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
         pbCodeBuf[off++] = RT_BYTE1(uImm);
         pbCodeBuf[off++] = RT_BYTE2(uImm);
         pbCodeBuf[off++] = RT_BYTE3(uImm);
         pbCodeBuf[off++] = RT_BYTE4(uImm);
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+        pCodeBuf[off++] = (uint8_t)uImm;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0x81;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+        pCodeBuf[off++] = RT_BYTE1(uImm);
+        pCodeBuf[off++] = RT_BYTE2(uImm);
+        pCodeBuf[off++] = RT_BYTE3(uImm);
+        pCodeBuf[off++] = RT_BYTE4(uImm);
+    }
     RT_NOREF(fSetFlags);
+#elif defined(RT_ARCH_ARM64)
+    uint32_t uImmR     = 0;
+    uint32_t uImmNandS = 0;
+    if (Armv8A64ConvertMask32ToImmRImmS(uImm, &uImmNandS, &uImmR))
+    {
+        if (!fSetFlags)
+            pCodeBuf[off++] = Armv8A64MkInstrAndImm(iGprDst, iGprDst, uImmNandS, uImmR, false /*f64Bit*/);
+        else
+            pCodeBuf[off++] = Armv8A64MkInstrAndsImm(iGprDst, iGprDst, uImmNandS, uImmR, false /*f64Bit*/);
+    }
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits code for AND'ing an 32-bit GPRs with a constant.
+ * @note Bits 32 thru 63 in the destination will be zero after the operation.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitAndGpr32ByImm(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint32_t uImm, bool fSetFlags = false)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitAndGpr32ByImmEx(iemNativeInstrBufEnsure(pReNative, off, 7), off, iGprDst, uImm, fSetFlags);
 #elif defined(RT_ARCH_ARM64)
 …
+/**
+ * Emits code for XOR'ing an 32-bit GPRs with a constant.
+ * @note Bits 32 thru 63 in the destination will be zero after the operation.
+ * @note For ARM64 this only supports @a uImm values that can be expressed using
+ *       the two 6-bit immediates of the EOR instructions.  The caller must make
+ *       sure this is possible!
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitXorGpr32ByImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint32_t uImm)
+{
+#if defined(RT_ARCH_AMD64)
+    /* and Ev, imm */
+    if (iGprDst >= 8)
+        pCodeBuf[off++] = X86_OP_REX_B;
+    if ((int32_t)uImm == (int8_t)uImm)
+    {
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 6, iGprDst & 7);
+        pCodeBuf[off++] = (uint8_t)uImm;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0x81;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 6, iGprDst & 7);
+        pCodeBuf[off++] = RT_BYTE1(uImm);
+        pCodeBuf[off++] = RT_BYTE2(uImm);
+        pCodeBuf[off++] = RT_BYTE3(uImm);
+        pCodeBuf[off++] = RT_BYTE4(uImm);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t uImmR     = 0;
+    uint32_t uImmNandS = 0;
+    if (Armv8A64ConvertMask32ToImmRImmS(uImm, &uImmNandS, &uImmR))
+        pCodeBuf[off++] = Armv8A64MkInstrEorImm(iGprDst, iGprDst, uImmNandS, uImmR, false /*f64Bit*/);
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+#else
+# error "Port me"
+#endif
+    return off;
+}
 /*********************************************************************************************************************************
 *   Shifting                                                                                                                     *
 …
  * Emits code for shifting a GPR a fixed number of bits to the left.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitShiftGprLeft(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitShiftGprLeftEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
     Assert(cShift > 0 && cShift < 64);
 …
 #if defined(RT_ARCH_AMD64)
     /* shl dst, cShift */
+    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
+    pbCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
+    pCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
     if (cShift != 1)
+    {
+        pbCodeBuf[off++] = 0xc1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+        pbCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pbCodeBuf[off++] = 0xd1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrLslImm(iGprDst, iGprDst, cShift);
+        pCodeBuf[off++] = 0xc1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+        pCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0xd1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrLslImm(iGprDst, iGprDst, cShift);
 #else
 # error "Port me"
 #endif
+    return off;
+}
+/**
+ * Emits code for shifting a GPR a fixed number of bits to the left.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitShiftGprLeft(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitShiftGprLeftEx(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, cShift);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitShiftGprLeftEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, cShift);
+#else
+# error "Port me"
+#endif
     IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     return off;
 …
  * Emits code for shifting a 32-bit GPR a fixed number of bits to the left.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitShiftGpr32Left(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitShiftGpr32LeftEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
     Assert(cShift > 0 && cShift < 32);
 …
 #if defined(RT_ARCH_AMD64)
     /* shl dst, cShift */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
     if (iGprDst >= 8)
         pbCodeBuf[off++] = X86_OP_REX_B;
+        pCodeBuf[off++] = X86_OP_REX_B;
     if (cShift != 1)
+    {
+        pbCodeBuf[off++] = 0xc1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+        pbCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pbCodeBuf[off++] = 0xd1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrLslImm(iGprDst, iGprDst, cShift, false /*64Bit*/);
+        pCodeBuf[off++] = 0xc1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+        pCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0xd1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 4, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrLslImm(iGprDst, iGprDst, cShift, false /*64Bit*/);
 #else
 # error "Port me"
 #endif
+    return off;
+}
+/**
+ * Emits code for shifting a 32-bit GPR a fixed number of bits to the left.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitShiftGpr32Left(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitShiftGpr32LeftEx(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, cShift);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitShiftGpr32LeftEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, cShift);
+#else
+# error "Port me"
+#endif
     IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     return off;
 …
  * Emits code for (unsigned) shifting a GPR a fixed number of bits to the right.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitShiftGprRight(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitShiftGprRightEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
     Assert(cShift > 0 && cShift < 64);
 …
 #if defined(RT_ARCH_AMD64)
     /* shr dst, cShift */
+    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
+    pbCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
+    pCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
     if (cShift != 1)
+    {
+        pbCodeBuf[off++] = 0xc1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pbCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pbCodeBuf[off++] = 0xd1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrLsrImm(iGprDst, iGprDst, cShift);
+        pCodeBuf[off++] = 0xc1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0xd1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrLsrImm(iGprDst, iGprDst, cShift);
+#else
+# error "Port me"
+#endif
+    return off;
+}
+/**
+ * Emits code for (unsigned) shifting a GPR a fixed number of bits to the right.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitShiftGprRight(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitShiftGprRightEx(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, cShift);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitShiftGprRightEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, cShift);
 #else
 # error "Port me"
 …
  * right.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitShiftGpr32Right(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitShiftGpr32RightEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
     Assert(cShift > 0 && cShift < 32);
 …
 #if defined(RT_ARCH_AMD64)
     /* shr dst, cShift */
-    uint8_t *pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
     if (iGprDst >= 8)
         pbCodeBuf[off++] = X86_OP_REX_B;
+        pCodeBuf[off++] = X86_OP_REX_B;
     if (cShift != 1)
+    {
+        pbCodeBuf[off++] = 0xc1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pbCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pbCodeBuf[off++] = 0xd1;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrLsrImm(iGprDst, iGprDst, cShift, false /*64Bit*/);
+        pCodeBuf[off++] = 0xc1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+        pCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0xd1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 5, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrLsrImm(iGprDst, iGprDst, cShift, false /*64Bit*/);
 #else
 # error "Port me"
 #endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+/**
+ * Emits code for (unsigned) shifting a 32-bit GPR a fixed number of bits to the
+ * right.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitShiftGpr32Right(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
+#if defined(RT_ARCH_AMD64)
+    off = iemNativeEmitShiftGpr32RightEx(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprDst, cShift);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitShiftGpr32RightEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprDst, cShift);
+#else
+# error "Port me"
+#endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+    return off;
+}
+/**
+ * Emits code for rotating a GPR a fixed number of bits to the left.
+ */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitRotateGprLeftEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprDst, uint8_t cShift)
+{
+    Assert(cShift > 0 && cShift < 64);
+#if defined(RT_ARCH_AMD64)
+    /* rol dst, cShift */
+    pCodeBuf[off++] = iGprDst < 8 ? X86_OP_REX_W : X86_OP_REX_W | X86_OP_REX_B;
+    if (cShift != 1)
+    {
+        pCodeBuf[off++] = 0xc1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+        pCodeBuf[off++] = cShift;
+    }
+    else
+    {
+        pCodeBuf[off++] = 0xd1;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprDst & 7);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrRorImm(iGprDst, iGprDst, cShift);
+#else
+# error "Port me"
+#endif
     return off;
+}
 …
  * with conditional instruction.
  */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitCmpGprWithGprEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprLeft, uint8_t iGprRight)
+{
+#ifdef RT_ARCH_AMD64
+    /* cmp Gv, Ev */
+    pCodeBuf[off++] = X86_OP_REX_W | (iGprLeft >= 8 ? X86_OP_REX_R : 0) | (iGprRight >= 8 ? X86_OP_REX_B : 0);
+    pCodeBuf[off++] = 0x3b;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprLeft & 7, iGprRight & 7);
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrCmpReg(iGprLeft, iGprRight);
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a compare of two 64-bit GPRs, settings status flags/whatever for use
+ * with conditional instruction.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitCmpGprWithGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprLeft, uint8_t iGprRight)
+{
 #ifdef RT_ARCH_AMD64
+    /* cmp Gv, Ev */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    pbCodeBuf[off++] = X86_OP_REX_W | (iGprLeft >= 8 ? X86_OP_REX_R : 0) | (iGprRight >= 8 ? X86_OP_REX_B : 0);
+    pbCodeBuf[off++] = 0x3b;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprLeft & 7, iGprRight & 7);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitCmpArm64(pReNative, off, iGprLeft, iGprRight, false /*f64Bit*/);
+    off = iemNativeEmitCmpGprWithGprEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprLeft, iGprRight);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitCmpGprWithGprEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprLeft, iGprRight);
 #else
 # error "Port me!"
 #endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     return off;
+}
 …
  * with conditional instruction.
  */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitCmpGpr32WithGprEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprLeft, uint8_t iGprRight)
+{
+#ifdef RT_ARCH_AMD64
+    /* cmp Gv, Ev */
+    if (iGprLeft >= 8 || iGprRight >= 8)
+        pCodeBuf[off++] = (iGprLeft >= 8 ? X86_OP_REX_R : 0) | (iGprRight >= 8 ? X86_OP_REX_B : 0);
+    pCodeBuf[off++] = 0x3b;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprLeft & 7, iGprRight & 7);
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrCmpReg(iGprLeft, iGprRight, false /*f64Bit*/);
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a compare of two 32-bit GPRs, settings status flags/whatever for use
+ * with conditional instruction.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitCmpGpr32WithGpr(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint8_t iGprLeft, uint8_t iGprRight)
+{
 #ifdef RT_ARCH_AMD64
+    /* cmp Gv, Ev */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 3);
+    if (iGprLeft >= 8 || iGprRight >= 8)
+        pbCodeBuf[off++] = (iGprLeft >= 8 ? X86_OP_REX_R : 0) | (iGprRight >= 8 ? X86_OP_REX_B : 0);
+    pbCodeBuf[off++] = 0x3b;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, iGprLeft & 7, iGprRight & 7);
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitCmpArm64(pReNative, off, iGprLeft, iGprRight, false /*f64Bit*/);
+    off = iemNativeEmitCmpGpr32WithGprEx(iemNativeInstrBufEnsure(pReNative, off, 3), off, iGprLeft, iGprRight);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitCmpGpr32WithGprEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, iGprLeft, iGprRight);
 #else
 # error "Port me!"
 #endif
+    IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
     return off;
+}
 …
  * Emits a compare of a 32-bit GPR with a constant value, settings status
  * flags/whatever for use with conditional instruction.
+ *
+ * @note On ARM64 the @a uImm value must be in the range 0x000..0xfff or that
+ *       shifted 12 bits to the left (e.g. 0x1000..0xfff0000 with the lower 12
+ *       bits all zero).  Will release assert or throw exception if the caller
+ *       violates this restriction.
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitCmpGpr32WithImmEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprLeft, uint32_t uImm)
+{
+#ifdef RT_ARCH_AMD64
+    if (iGprLeft >= 8)
+        pCodeBuf[off++] = X86_OP_REX_B;
+    if (uImm <= UINT32_C(0xff))
+    {
+        /* cmp Ev, Ib */
+        pCodeBuf[off++] = 0x83;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 7, iGprLeft & 7);
+        pCodeBuf[off++] = (uint8_t)uImm;
+    }
+    else
+    {
+        /* cmp Ev, imm */
+        pCodeBuf[off++] = 0x81;
+        pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 7, iGprLeft & 7);
+        pCodeBuf[off++] = RT_BYTE1(uImm);
+        pCodeBuf[off++] = RT_BYTE2(uImm);
+        pCodeBuf[off++] = RT_BYTE3(uImm);
+        pCodeBuf[off++] = RT_BYTE4(uImm);
+    }
+#elif defined(RT_ARCH_ARM64)
+    /** @todo guess there are clevere things we can do here...   */
+    if (uImm < _4K)
+        pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(true /*fSub*/, ARMV8_A64_REG_XZR, iGprLeft, (uint32_t)uImm,
+                                                      false /*64Bit*/, true /*fSetFlags*/);
+    else if (uImm < RT_BIT_32(12+12) && (uImm & (_4K - 1)) == 0)
+        pCodeBuf[off++] = Armv8A64MkInstrAddSubUImm12(true /*fSub*/, ARMV8_A64_REG_XZR, iGprLeft, (uint32_t)uImm,
+                                                      false /*64Bit*/, true /*fSetFlags*/, true /*fShift12*/);
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a compare of a 32-bit GPR with a constant value, settings status
+ * flags/whatever for use with conditional instruction.
  */
 DECL_INLINE_THROW(uint32_t)
 …
+{
 #ifdef RT_ARCH_AMD64
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 7);
+    if (iGprLeft >= 8)
+        pbCodeBuf[off++] = X86_OP_REX_B;
+    if (uImm <= UINT32_C(0xff))
+    {
+        /* cmp Ev, Ib */
+        pbCodeBuf[off++] = 0x83;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 7, iGprLeft & 7);
+        pbCodeBuf[off++] = (uint8_t)uImm;
+    }
+    else
+    {
+        /* cmp Ev, imm */
+        pbCodeBuf[off++] = 0x81;
+        pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 7, iGprLeft & 7);
+        IEMNATIVE_ASSERT_INSTR_BUF_ENSURE(pReNative, off);
+        pbCodeBuf[off++] = RT_BYTE1(uImm);
+        pbCodeBuf[off++] = RT_BYTE2(uImm);
+        pbCodeBuf[off++] = RT_BYTE3(uImm);
+        pbCodeBuf[off++] = RT_BYTE4(uImm);
+    }
+    off = iemNativeEmitCmpGpr32WithImmEx(iemNativeInstrBufEnsure(pReNative, off, 7), off, iGprLeft, uImm);
 #elif defined(RT_ARCH_ARM64)
 …
  * Emits a JMP rel32 / B imm19 to the given label.
  */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitJmpToLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t idxLabel)
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitJmpToLabelEx(PIEMRECOMPILERSTATE pReNative, PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint32_t idxLabel)
+{
     Assert(idxLabel < pReNative->cLabels);
 #ifdef RT_ARCH_AMD64
-    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 6);
     if (pReNative->paLabels[idxLabel].off != UINT32_MAX)
+    {
 …
         if ((int32_t)offRel < 128 && (int32_t)offRel >= -128)
+        {
             pbCodeBuf[off++] = 0xeb;                /* jmp rel8 */
             pbCodeBuf[off++] = (uint8_t)offRel;
+            pCodeBuf[off++] = 0xeb;                 /* jmp rel8 */
+            pCodeBuf[off++] = (uint8_t)offRel;
+        }
         else
+        {
             offRel -= 3;
             pbCodeBuf[off++] = 0xe9;                /* jmp rel32 */
             pbCodeBuf[off++] = RT_BYTE1(offRel);
             pbCodeBuf[off++] = RT_BYTE2(offRel);
             pbCodeBuf[off++] = RT_BYTE3(offRel);
             pbCodeBuf[off++] = RT_BYTE4(offRel);
+            pCodeBuf[off++] = 0xe9;                 /* jmp rel32 */
+            pCodeBuf[off++] = RT_BYTE1(offRel);
+            pCodeBuf[off++] = RT_BYTE2(offRel);
+            pCodeBuf[off++] = RT_BYTE3(offRel);
+            pCodeBuf[off++] = RT_BYTE4(offRel);
+        }
+    }
     else
+    {
         pbCodeBuf[off++] = 0xe9;                    /* jmp rel32 */
+        pCodeBuf[off++] = 0xe9;                     /* jmp rel32 */
         iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_Rel32, -4);
+        pbCodeBuf[off++] = 0xfe;
+        pbCodeBuf[off++] = 0xff;
+        pbCodeBuf[off++] = 0xff;
+        pbCodeBuf[off++] = 0xff;
+    }
+    pbCodeBuf[off++] = 0xcc;                        /* int3 poison */
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+        pCodeBuf[off++] = 0xfe;
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = 0xff;
+        pCodeBuf[off++] = 0xff;
+    }
+    pCodeBuf[off++] = 0xcc;                         /* int3 poison */
+#elif defined(RT_ARCH_ARM64)
     if (pReNative->paLabels[idxLabel].off != UINT32_MAX)
         pu32CodeBuf[off++] = Armv8A64MkInstrB(pReNative->paLabels[idxLabel].off - off);
+        pCodeBuf[off++] = Armv8A64MkInstrB(pReNative->paLabels[idxLabel].off - off);
     else
+    {
         iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_RelImm26At0);
+        pu32CodeBuf[off++] = Armv8A64MkInstrB(-1);
+    }
+        pCodeBuf[off++] = Armv8A64MkInstrB(-1);
+    }
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a JMP rel32 / B imm19 to the given label.
+ */
+DECL_INLINE_THROW(uint32_t)
+iemNativeEmitJmpToLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t idxLabel)
+{
+#ifdef RT_ARCH_AMD64
+    off = iemNativeEmitJmpToLabelEx(pReNative, iemNativeInstrBufEnsure(pReNative, off, 6), off, idxLabel);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitJmpToLabelEx(pReNative, iemNativeInstrBufEnsure(pReNative, off, 1), off, idxLabel);
 #else
 # error "Port me!"
 …
  * Emits a Jcc rel32 / B.cc imm19 to the given label (ASSUMED requiring fixup).
  */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitJccToLabelEx(PIEMRECOMPILERSTATE pReNative, PIEMNATIVEINSTR pCodeBuf, uint32_t off,
+                          uint32_t idxLabel, IEMNATIVEINSTRCOND enmCond)
+{
+    Assert(idxLabel < pReNative->cLabels);
+#ifdef RT_ARCH_AMD64
+    /* jcc rel32 */
+    pCodeBuf[off++] = 0x0f;
+    pCodeBuf[off++] = (uint8_t)enmCond | 0x80;
+    iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_Rel32, -4);
+    pCodeBuf[off++] = 0x00;
+    pCodeBuf[off++] = 0x00;
+    pCodeBuf[off++] = 0x00;
+    pCodeBuf[off++] = 0x00;
+#elif defined(RT_ARCH_ARM64)
+    iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_RelImm19At5);
+    pCodeBuf[off++] = Armv8A64MkInstrBCond(enmCond, -1);
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a Jcc rel32 / B.cc imm19 to the given label (ASSUMED requiring fixup).
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitJccToLabel(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t idxLabel, IEMNATIVEINSTRCOND enmCond)
+{
+    Assert(idxLabel < pReNative->cLabels);
+#ifdef RT_ARCH_AMD64
+    /* jcc rel32 */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 6);
+    pbCodeBuf[off++] = 0x0f;
+    pbCodeBuf[off++] = (uint8_t)enmCond | 0x80;
+    iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_Rel32, -4);
+    pbCodeBuf[off++] = 0x00;
+    pbCodeBuf[off++] = 0x00;
+    pbCodeBuf[off++] = 0x00;
+    pbCodeBuf[off++] = 0x00;
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    iemNativeAddFixup(pReNative, off, idxLabel, kIemNativeFixupType_RelImm19At5);
+    pu32CodeBuf[off++] = Armv8A64MkInstrBCond(enmCond, -1);
+#ifdef RT_ARCH_AMD64
+    off = iemNativeEmitJccToLabelEx(pReNative, iemNativeInstrBufEnsure(pReNative, off, 6), off, idxLabel, enmCond);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitJccToLabelEx(pReNative, iemNativeInstrBufEnsure(pReNative, off, 1), off, idxLabel, enmCond);
 #else
 # error "Port me!"
 …
  *       bytes long.
  */
+DECL_FORCE_INLINE(uint32_t)
+iemNativeEmitJccToFixedEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint32_t offTarget, IEMNATIVEINSTRCOND enmCond)
+{
+#ifdef RT_ARCH_AMD64
+    /* jcc rel8 / rel32 */
+    int32_t offDisp = (int32_t)(offTarget - (off + 2));
+    if (offDisp < 128 && offDisp >= -128)
+    {
+        pCodeBuf[off++] = (uint8_t)enmCond | 0x70;
+        pCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+    }
+    else
+    {
+        offDisp -= 4;
+        pCodeBuf[off++] = 0x0f;
+        pCodeBuf[off++] = (uint8_t)enmCond | 0x80;
+        pCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+        pCodeBuf[off++] = RT_BYTE2((uint32_t)offDisp);
+        pCodeBuf[off++] = RT_BYTE3((uint32_t)offDisp);
+        pCodeBuf[off++] = RT_BYTE4((uint32_t)offDisp);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrBCond(enmCond, (int32_t)(offTarget - off));
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a Jcc rel32 / B.cc imm19 with a fixed displacement.
+ *
+ * @note The @a offTarget is the absolute jump target (unit is IEMNATIVEINSTR).
+ *
+ *       Only use hardcoded jumps forward when emitting for exactly one
+ *       platform, otherwise apply iemNativeFixupFixedJump() to ensure hitting
+ *       the right target address on all platforms!
+ *
+ *       Please also note that on x86 it is necessary pass off + 256 or higher
+ *       for @a offTarget one believe the intervening code is more than 127
+ *       bytes long.
+ */
 DECL_INLINE_THROW(uint32_t)
 iemNativeEmitJccToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget, IEMNATIVEINSTRCOND enmCond)
+{
 #ifdef RT_ARCH_AMD64
+    /* jcc rel8 / rel32 */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 6);
+    int32_t         offDisp   = (int32_t)(offTarget - (off + 2));
+    if (offDisp < 128 && offDisp >= -128)
+    {
+        pbCodeBuf[off++] = (uint8_t)enmCond | 0x70;
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+    }
+    else
+    {
+        offDisp -= 4;
+        pbCodeBuf[off++] = 0x0f;
+        pbCodeBuf[off++] = (uint8_t)enmCond | 0x80;
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE2((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE3((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE4((uint32_t)offDisp);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrBCond(enmCond, (int32_t)(offTarget - off));
+    off = iemNativeEmitJccToFixedEx(iemNativeInstrBufEnsure(pReNative, off, 6), off, offTarget, enmCond);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitJccToFixedEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, offTarget, enmCond);
 #else
 # error "Port me!"
 …
  * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
  */
+DECL_FORCE_INLINE(uint32_t) iemNativeEmitJmpToFixedEx(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint32_t offTarget)
+{
+#ifdef RT_ARCH_AMD64
+    /* jmp rel8 or rel32 */
+    int32_t offDisp = offTarget - (off + 2);
+    if (offDisp < 128 && offDisp >= -128)
+    {
+        pCodeBuf[off++] = 0xeb;
+        pCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+    }
+    else
+    {
+        offDisp -= 3;
+        pCodeBuf[off++] = 0xe9;
+        pCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+        pCodeBuf[off++] = RT_BYTE2((uint32_t)offDisp);
+        pCodeBuf[off++] = RT_BYTE3((uint32_t)offDisp);
+        pCodeBuf[off++] = RT_BYTE4((uint32_t)offDisp);
+    }
+#elif defined(RT_ARCH_ARM64)
+    pCodeBuf[off++] = Armv8A64MkInstrB((int32_t)(offTarget - off));
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a JMP rel32/rel8 / B imm26 with a fixed displacement.
+ *
+ * See notes on @a offTarget in the iemNativeEmitJccToFixed() documentation.
+ */
 DECL_INLINE_THROW(uint32_t) iemNativeEmitJmpToFixed(PIEMRECOMPILERSTATE pReNative, uint32_t off, uint32_t offTarget)
+{
 #ifdef RT_ARCH_AMD64
+    /* jmp rel8 or rel32 */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 5);
+    int32_t         offDisp   = offTarget - (off + 2);
+    if (offDisp < 128 && offDisp >= -128)
+    {
+        pbCodeBuf[off++] = 0xeb;
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+    }
+    else
+    {
+        offDisp -= 3;
+        pbCodeBuf[off++] = 0xe9;
+        pbCodeBuf[off++] = RT_BYTE1((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE2((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE3((uint32_t)offDisp);
+        pbCodeBuf[off++] = RT_BYTE4((uint32_t)offDisp);
+    }
+#elif defined(RT_ARCH_ARM64)
+    uint32_t *pu32CodeBuf = iemNativeInstrBufEnsure(pReNative, off, 1);
+    pu32CodeBuf[off++] = Armv8A64MkInstrB((int32_t)(offTarget - off));
+    off = iemNativeEmitJmpToFixedEx(iemNativeInstrBufEnsure(pReNative, off, 5), off, offTarget);
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitJmpToFixedEx(iemNativeInstrBufEnsure(pReNative, off, 1), off, offTarget);
 #else
 # error "Port me!"
 …
  * Emits a test for any of the bits from @a fBits in the lower 8 bits of
  * @a iGprSrc, setting CPU flags accordingly.
+ *
+ * @note For ARM64 this only supports @a fBits values that can be expressed
+ *       using the two 6-bit immediates of the ANDS instruction.  The caller
+ *       must make sure this is possible!
+ */
+DECL_FORCE_INLINE_THROW(uint32_t)
+iemNativeEmitTestAnyBitsInGpr8Ex(PIEMNATIVEINSTR pCodeBuf, uint32_t off, uint8_t iGprSrc, uint8_t fBits)
+{
+    Assert(fBits != 0);
+    /* test Eb, imm8 */
+#ifdef RT_ARCH_AMD64
+    if (iGprSrc >= 4)
+        pCodeBuf[off++] = iGprSrc >= 8 ? X86_OP_REX_B : X86_OP_REX;
+    pCodeBuf[off++] = 0xf6;
+    pCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprSrc & 7);
+    pCodeBuf[off++] = fBits;
+#elif defined(RT_ARCH_ARM64)
+    /* ands xzr, src, [tmp|#imm] */
+    uint32_t uImmR     = 0;
+    uint32_t uImmNandS = 0;
+    if (Armv8A64ConvertMask32ToImmRImmS(fBits, &uImmNandS, &uImmR))
+        pu32CodeBuf[off++] = Armv8A64MkInstrAndsImm(ARMV8_A64_REG_XZR, iGprSrc, uImmNandS, uImmR, false /*f64Bit*/);
+    else
+# ifdef IEM_WITH_THROW_CATCH
+        AssertFailedStmt(IEMNATIVE_DO_LONGJMP(NULL, VERR_IEM_IPE_9));
+# else
+        AssertReleaseFailedStmt(off = UINT32_MAX);
+# endif
+#else
+# error "Port me!"
+#endif
+    return off;
+}
+/**
+ * Emits a test for any of the bits from @a fBits in the lower 8 bits of
+ * @a iGprSrc, setting CPU flags accordingly.
  */
 DECL_INLINE_THROW(uint32_t)
 …
 #ifdef RT_ARCH_AMD64
+    /* test Eb, imm8 */
+    uint8_t * const pbCodeBuf = iemNativeInstrBufEnsure(pReNative, off, 4);
+    if (iGprSrc >= 4)
+        pbCodeBuf[off++] = iGprSrc >= 8 ? X86_OP_REX_B : X86_OP_REX;
+    pbCodeBuf[off++] = 0xf6;
+    pbCodeBuf[off++] = X86_MODRM_MAKE(X86_MOD_REG, 0, iGprSrc & 7);
+    pbCodeBuf[off++] = fBits;
+#elif defined(RT_ARCH_ARM64)
+    off = iemNativeEmitTestAnyBitsInGpr8Ex(iemNativeInstrBufEnsure(pReNative, off, 4), off, iGprSrc, fBits);
+#elif defined(RT_ARCH_ARM64)
     /* ands xzr, src, [tmp|#imm] */
     uint32_t uImmR     = 0;

Note: See TracChangeset for help on using the changeset viewer.